Randomly-Modified First Network to Second Network Communication

ABSTRACT

Various embodiments are described that relate to random noise addition to a communication. A first secure network can employ a first encryption scheme and a second secure network can employ a second encryption scheme. In order to communicate between the first secure network and the second secure network such that the schemes are not decipherable, random noise can be added to a communication designated to transfer from the first secure network to the second secure network.

CROSS-REFERENCE

This application is a divisional application of, and claims priority to,U.S. application Ser. No. 15/933,931 filed on Mar. 23, 2018. U.S.application Ser. No. 15/933,931 is hereby incorporated by reference.

GOVERNMENT INTEREST

The innovation described herein may be manufactured, used, imported,sold, and licensed by or for the Government of the United States ofAmerica without the payment of any royalty thereon or therefor.

BACKGROUND

A pair of radios can attempt to transmit voice communications betweenone another. While some voice communications can be benign, others canbe sensitive in nature. Due to this sensitivity, the radios can try toprotect the transmission of these voice communications. If the radiosare part of a secure network, then they can employ an encryption scheme.However, if the radios are not part of a secure network, then they maynot be able share an encryption scheme and not have an encryption schemeoption for radio-to-radio communications.

SUMMARY

In one embodiment, a system, that is at least partially hardware,comprises a reception component, an addition component, and atransmission component. The reception component can be configured toreceive a non-encrypted voice communication from a first secure radionetwork. The addition component can be configured to add random noise tothe non-encrypted voice communication from the first secure radionetwork such that a first secure radio network-based noise-addednon-encrypted voice communication is produced. The transmissioncomponent can be configured to transmit the first secure radionetwork-based noise-added non-encrypted voice communication to a secondsecure radio network.

In another embodiment, a system, that can be part of a first securenetwork, can comprise a reception component, an encryption component,and a transmission component. The reception component can be configuredto receive a randomly-modified second secure network-based non-encryptedvoice communication by way of a non-encrypted communication channel. Theencryption component can be configured to encrypt, according to a firstnetwork encryption scheme, the randomly-modified second securenetwork-based non-encrypted voice communication into an encrypted firstsecure network voice communication. The transmission component can beconfigured to transmit the encrypted first secure network voicecommunication along the first secure network. The randomly-modifiedsecond secure network-based non-encrypted voice communication can bederived from an encrypted second secure network voice communication froma second secure network. The first secure network and the second securenetwork can be distinct networks. The encrypted second secure networkvoice communication can be encrypted in accordance with a second networkencryption scheme. The first network encryption scheme and the secondnetwork encryption scheme can be different encryption schemes.

In yet another embodiment, a system configured to be part of a firstsecure network comprises a reception component, a decryption component,and a transmission component. The reception component can be configuredto receive an encrypted first secure network voice communication with anintended destination of a second secure network. The decryptioncomponent can be configured to decrypt the encrypted first securenetwork voice communication with the intended destination of the secondsecure network into a decrypted first secure network voicecommunication. The transmission component can be configured to transmitthe decrypted first secure network voice communication to acommunication modification component. At the communication modificationcomponent, the decrypted first secure network voice communication can berandomly-modified to produce a randomly-modified decrypted first securenetwork voice communication. The randomly-modified decrypted firstsecure network voice communication can be transferred to the secondsecure network. The first secure network can employ a first encryptionscheme, the second secure network can employ a second encryption scheme,and the first encryption scheme and the second encryption schemes can bedifferent schemes.

BRIEF DESCRIPTION OF THE DRAWINGS

Incorporated herein are drawings that constitute a part of thespecification and illustrate embodiments of the detailed description.The detailed description will now be described further with reference tothe accompanying drawings as follows:

FIG. 1 illustrates one embodiment of a communication environmentcomprising a first secure network and a second secure network;

FIG. 2 illustrates one embodiment of a first secure network radio, afirst secure network decryptor, a converter, a second secure networkencryptor, and a second secure network radio;

FIG. 3 illustrates one embodiment of the decryptor comprising areception component, a decryption component, and a transmissioncomponent;

FIG. 4 illustrates one embodiment of the decryptor comprising thereception component, the decryption component, the transmissioncomponent, and a check component;

FIG. 5 illustrates one embodiment of the converter;

FIG. 6 illustrates one embodiment of the noise source level modifiercomprising a pseudorandom number generator, a controller, a digitalpotentiometer, and a voltage follower;

FIG. 7 illustrates one embodiment of an environment with a first radioand a second radio that communicate with an intermediary hardware unit;

FIG. 8 illustrates one embodiment of the converter comprising thereception component, an addition component, and the transmissioncomponent;

FIG. 9 illustrates one embodiment of the converter comprising thereception component, the addition component, the transmission component,and an identification component;

FIG. 10 illustrates one embodiment of the converter comprising thereception component, the addition component, the transmission component,a tamper detection component, and an output component;

FIG. 11 illustrates one embodiment of the encryptor comprising thereception component, an encryption component, and the transmissioncomponent;

FIG. 12 illustrates one embodiment of a system comprising the receptioncomponent, the encryption component, the transmission component, acollection component, the decryption component, and a transfercomponent;

FIG. 13 illustrates one embodiment of a system comprising a processorand a computer-readable medium;

FIG. 14 illustrates one embodiment of a method comprising three actions;

FIG. 15 illustrates one embodiment of a method comprising three actions;

FIG. 16 illustrates one embodiment of a method comprising three actions;

FIG. 17 illustrates one embodiment of a method comprising four actions;and

FIG. 18 illustrates one embodiment of a method comprising three actions.

DETAILED DESCRIPTION

Instances can occur in wireless communication where a first party wantsto give access to a second party to the first party's network. However,this access is not full access, but partial access. In one example, twomilitary forces from different nations can have a desire to communicatewith one another during a joint operation. While the nations may befriendly, for security reasons it may be best to not give full access toeach other's networks.

Therefore, an intermediary communications module can be used tofacilitate this partial access. In one example, a voice communicationfrom the first party's network can be decrypted and sent to theintermediary communications module. Noise, such as non-audible whitenoise, can be added to the voice communication and then thecommunication can be sent to the second party's network to be encryptedin accordance with the second party's network. This noise prevents thesecond party from using the communication to decipher an encryptionscheme of the first network while still allowing the communication to betransferred. This can also protect the first party since the secondparty cannot use the communication if the second party intercepts thefirst party's encrypted version of the communication.

The following includes definitions of selected terms employed herein.The definitions include various examples. The examples are not intendedto be limiting.

“One embodiment”, “an embodiment”, “one example”, “an example”, and soon, indicate that the embodiment(s) or example(s) can include aparticular feature, structure, characteristic, property, or element, butthat not every embodiment or example necessarily includes thatparticular feature, structure, characteristic, property, or element.Furthermore, repeated use of the phrase “in one embodiment” may or maynot refer to the same embodiment.

“Computer-readable medium”, as used herein, refers to a medium thatstores signals, instructions and/or data. Examples of acomputer-readable medium include, but are not limited to, non-volatilemedia and volatile media. Non-volatile media may include, for example,optical disks, magnetic disks, and so on. Volatile media may include,for example, semiconductor memories, dynamic memory, and so on. Commonforms of a computer-readable medium may include, but are not limited to,a floppy disk, a flexible disk, a hard disk, a magnetic tape, othermagnetic medium, other optical medium, a Random Access Memory (RAM), aRead-Only Memory (ROM), a memory chip or card, a memory stick, and othermedia from which a computer, a processor or other electronic device canread. In one embodiment, the computer-readable medium is anon-transitory computer-readable medium.

“Component”, as used herein, includes but is not limited to hardware,firmware, software stored on a computer-readable medium or in executionon a machine, and/or combinations of each to perform a function(s) or anaction(s), and/or to cause a function or action from another component,method, and/or system. Component may include a software controlledmicroprocessor, a discrete component, an analog circuit, a digitalcircuit, a programmed logic device, a memory device containinginstructions, and so on. Where multiple components are described, it maybe possible to incorporate the multiple components into one physicalcomponent or conversely, where a single component is described, it maybe possible to distribute that single component between multiplecomponents.

“Software”, as used herein, includes but is not limited to, one or moreexecutable instructions stored on a computer-readable medium that causea computer, processor, or other electronic device to perform functions,actions and/or behave in a desired manner. The instructions may beembodied in various forms including routines, algorithms, modules,methods, threads, and/or programs, including separate applications orcode from dynamically linked libraries.

FIG. 1 illustrates one embodiment of a communication environment 100comprising a first secure network 110 and a second secure network 120.The networks 110 and 120 can comprise a plurality of radios 110R and120R, respectively. In one embodiment, the first secure network 110 andthe second secure network 120 are separate and distinct networks,meaning that they do not share radios with one another. The radios 110Rcan communicate with one another according to a first encryption scheme110S. Similarly, the radios 120R can communicate with one anotheraccording to a second encryption scheme 120S that is different from thefirst encryption scheme 110S (e.g., the first encryption scheme 110S canbe more complex than the second encryption scheme).

However, there can be a desire for the first secure network 110 and thesecond secure network 120 to communicate with one another. In oneembodiment, the networks 110 and 120 can transfer unencryptedcommunications between one another (e.g., via a direct cableconnection). While this can result in successful communication, therecan also be drawbacks.

Consider the following example that will be used throughout the detaileddescription. A natural disaster, such as a wild fire, can occur near adecently sized population center. The local community can send theirlocal volunteer fire department (fire department) to help combat thefire. Additionally, the state governor can call-up the state NationalGuard (Guard) to also help combat the fire. The state National Guard canuse the first secure network 110 while the volunteer fire departmentuses the second secure network 120. There can be many instances wherethe Guard and fire department would benefit in communicating with oneanother, such as to identify where the fire is most intense and incoordinating efforts.

One manner of communication can be unencrypted communication. This,however, can have drawbacks. In one example, the fire department canhave foreign nationals or uncleared individuals serving as well as thepossibility of the unencrypted communication being observed by anon-friendly third party. An undesirable party can obtain theunencrypted communication and use the unencrypted communication to helpdecipher the senders encryption scheme, such as the first encryptionscheme 110S of the Guard. Since the Guard can use the first encryptedscheme to communicate with other military units (e.g., other stateNational Guards, a Reserve component, or an Active component),compromising of the first encryption scheme 110S can have devastatingconsequences. Therefore, while potentially available, direct unencryptedcommunication may not be desirable.

Additionally, different hardware can be used. In one example, the firedepartment can use different radios than the Guard. These radios can berelatively similar (e.g., the fire department uses model 123-A radiosand the Guard uses model 123-B radios), be from different companies(e.g., the fire department uses radios from company ABC while the Guarduses radios from company XYZ), have vastly different functionality(e.g., the fire department uses a minimal feature radio while the Guarduses a high feature radio), etc. Further, the networks 110 and 120 canuse different radios internally (e.g. the fire department is a jointteam from multiple municipal fire departments with differentmunicipalities employing different radios).

FIG. 2 illustrates one embodiment of a first secure network radio 210, afirst secure network decryptor 220, a converter 230, a second securenetwork encryptor 240, and a second secure network radio 250. In oneembodiment, the decryptor 220 and the encryptor 240 can be stand-alonecomponents (e.g., not radios). In one embodiment, the radio 250 can beone of the radios 120R of FIG. 1 and the encryptor 240 can be anotherone of the radios 120R of FIG. 1. The radio 210 can be one of the radios110R of FIG. 1 and the decryptor 220 can be another one of the radios110R of FIG. 1.

In one example, the radio 210 can be at a distance from a radio thatfunctions as the decryptor 220. The radio 210 can send a first networkencrypted communication 260 to the decryptor 220, such as sending thecommunication 260 wirelessly or by way of a hard-wired connection. Thedecryptor 220 can decrypt the communication 260 to produce a firstnetwork decrypted communication 270. The decryptor 220 can send thecommunication 270 to the converter 230, such as sending thecommunication 270 by way of a first hard wire channel.

The converter 230 can add noise to the communication 270, such as randomwhite noise that is not at a level to be audible to the human ear, toproduce a first network noise added decrypted communication 280. Thecommunication 280 can be sent to the encryptor 240, such as by way of asecond hard wire channel. The encryptor 240 can encrypt thecommunication 280 in accordance with the second encryption scheme 120Sof FIG. 1. This can produce a first network noise added encryptioncommunication 290. The encryptor 240 can send the communication 290 tothe radio 250, such as sending the communication 290 wirelessly or byway of a hard-wired connection.

The radio 250 can therefore receive a communication from the radio 210despite the radios 210 and 250 being part of different secure networks.Additionally, through the addition of the random noise, the secondnetwork is not able to use the communications 280 or 290 to learn thefirst encryption scheme 110S of FIG. 1. With the hard wire channels, thefirst secure network 110 of FIG. 1 and the second secure network 120 ofFIG. 1 can both connect easily so that communications can be sharedwithout compromising network security.

In one embodiment, the second network 120 of FIG. 1 does not use anencryption scheme. However, the first network 110 of FIG. 1 can stilluse the encryption scheme 110S of FIG. 1. Since it can still be asecurity risk for a user of the first network 110 of FIG. 1 to haveunencrypted communications sent while also employing an encryptionscheme, the converter 230 can be used to employ the noise. Forcommunications from the second network 120 of FIG. 1, the noise can beadded when transferred to the first network 110 of FIG. 1.

With an example scenario, the network 110 of FIG. 1 has two radios 110Rof FIG. 1—Radio 1-A and Radio 1-B—and the network 120 of FIG. 1 has tworadios 120R of FIG. 1—Radio 2-A and Radio 2-B. Two radios, one from eachnetwork 110 and 120, both of FIG. 1, can be collected and connected tothe converter 230 to support retransmission (e.g., a separate converterunit or the radios 1-A and 2-B have components capable of performingconversion). If Radios 1-A and 2-A are selected, the audio out of Radio1-A, that is decrypted baseband audio, can be connected to the audio inof Radio 2-A (e.g., directly connected or connected via a converterunit). The converter 230 can take decrypted baseband audio, modify thedecrypted baseband audio, and output the modified baseband audio. Themodification an include adding noise (e.g., adding white noise, adding arandom signal, adding a wobble tone, or adding a random sub-audio tone)to the decrypted baseband audio or otherwise modifying the decryptedbaseband audio.

FIG. 3 illustrates one embodiment of the decryptor 220 comprising areception component 310, a decryption component 320, and a transmissioncomponent 330. In one embodiment, the decryptor 220 is part of a radio(e.g. a radio with encryption and/or decryption capabilities). In oneembodiment, the decryptor 220 is a stand-alone component (e.g.,hard-wired to a physically separate radio).

The reception component 310 can be configured to receive an encryptedfirst secure network voice communication (e.g., the communication 260)with an intended destination of the second secure network 120 of FIG. 1.The decryption component 320 can be configured to decrypt the encryptedfirst secure network voice communication with the intended destinationof the second secure network into a decrypted first secure network voicecommunication (e.g., the communication 270). The transmission component330 can be configured to transmit the decrypted first secure networkvoice communication to a noise addition component (e.g., the converter230 of FIG. 2).

At the noise addition component, random noise can be added and after therandom noise is added the decrypted first secure network voicecommunication is transferred to the second secure network 120 of FIG. 1.The noise addition component can transfer the decrypted first securenetwork voice communication with noise added to the encryptor 240 ofFIG. 2 for encryption in accordance with the second encryption scheme120S of FIG. 1.

While above examples relate to the noise addition component asfunctioning with two networks, more than two networks can employ theconverter. Returning to the fire department/National Guard scenario, acounty sheriff can also become involved using communications equipmentthat functions off a third secure network with a third encryptionscheme. The converter 230 of FIG. 2 can function commonly for the threeparties to communicate together or three converters 230 of FIG. 2 can beemployed for different communications among the secure networks (e.g.,fire department-National Guard communication, fire department-countysheriff communication, and National Guard-county sheriff communication).In one embodiment, the third secure network can communicate with thefirst secure network 110 of FIG. 1, but not the second secure network120 of FIG. 1.

The decrypted first secure network voice communication can be considereda first decrypted first secure network voice communication. Thereception component 310 can be configured to receive an encrypted firstsecure network voice communication with an intended destination of athird secure network. The decryption component is configured to decryptthe encrypted first secure network voice communication with the intendeddestination of the third secure network into a second decrypted firstsecure network voice communication. The transmission component 330 canbe configured to transmit the second decrypted first secure networkvoice communication to the noise addition component where random noiseis added and after the random noise is added the second decrypted firstsecure network voice communication is transferred to the third securenetwork.

With this, the decryptor 220 can function as a router. A radio 110R canproduce the communication 260. This communication 260 can includecontent as well as directional information communicated in a header. Thedecryptor 220 can read the header to determine the intended destinationof the communication. Based on this, the decryptor 220 can send thecommunication to the appropriate converter 230 of FIG. 2. When a commonconverter 230 of FIG. 2 is used, the converter 230 of FIG. 2, inaddition to modifying the audio stream, can function as the router andprocess header information (e.g., two communications sent—a non-noisedadded direction instruction sent from the converter 230 of FIG. 2 andthe noise-added communication). However, aspects can be practicedwithout header information.

FIG. 4 illustrates one embodiment of the decryptor 220 comprising thereception component 310, the decryption component 320, the transmissioncomponent 330, and a check component 410. The check component 410 can beconfigured to perform a check as to whether the noise addition componenthas experienced a tampering. This check can be a self-diagnostic toolreviewing an access log, a scanner to see if physical hardware has beenmodified, a tester (e.g., testing if the noise added is random), etc.The check component 410 can function when the decryptor 220 initiallyengages with the converter 230 of FIG. 2 and/or periodically whileengaged.

In one embodiment, the check can have an outcome that the converter 230of FIG. 2 has experienced a tampering. In response to this, the checkcomponent can prevent the transmission component from transmitting thedecrypted first secure network voice communication to the converter 230of FIG. 2. Additionally or alternatively, an alert can be produced(e.g., a light flashes, a warning ton can be mixed into the audiosignal, or a message can be sent to an administrator), such as upondetection of a tamper condition.

FIG. 5 illustrates one embodiment of the converter 230. Whenpush-to-talk (PTT) is selected by a user, an audio in detect circuit 505a can allow PTT communication such that the unencrypted communication(e.g., baseband audio) from the first network 110 of FIG. 1 to bereceived as a level modifier 510. The level modifier 510 a can send thesignal to a summing circuit 515. A set of noise sources 520 a (one ormore noise sources) can provide random noise as noise modifiers 525 athat in turn also feed to the summing circuit 515 a (e.g., summingamplifier). The noise modifiers 525 a can be varied over time and/ormultiple sources can be engaged over times in random ways so therandomness is not only in the noise itself, but can also be random overtime. The summing circuit 515 a can produce a modified audio out 530 a(e.g., the communication 280 of FIG. 2) by summing audio output from thelevel modifier 510 a with noise signal outputs from the noise modifiers525 a. The modified audio out 530 a can be sent to the second network120 of FIG. 1 for encryption.

The converter 230 can be multi-directional. In one example, 505 a-530 acan be mirrored as 505 b-530 b for communication from the second network120 of FIG. 1 to the first network 110 of FIG. 1. While two networks arediscussed, more complex implementations can be practiced, such as theconverter 230 facilitating communication to three or more networks orfacilitating limited communication among networks (e.g., a primarynetwork communicating with a secondary network and a tertiary network,but not facilitating communication between the secondary network and thetertiary network). In one embodiment, items of the converter 230 can becombined (e.g., a single set of noise modifiers can be used as opposedto two sets 520 a and 520 b).

In one embodiment, the converter 230 can include tramper resistantfeatures. A tamper detector set 535 a and 535 b (e.g., a single tamperdetector) can detect that the converter 230 and/or an associated radiohas been tampered with such that security may be compromised. A warningtone generator 540 can function to add a warning tone (e.g., humanaudible tone at predetermined level and/or frequency) to an outgoingcommunication notifying a user that the converter has been tamperedwith. The additional warning tone can be input to the summing circuits515 a and 515 b.

In one embodiment, a set of switches 545 a and 545 b can be employed toregulate addition of the warning tone. The switches 545 a and 545 b canremain open. In one example, when the tamper detector 535 a determinestampering has occurred, a warning tone output control 550 (e.g., acontroller) can cause the switch 545 a to close. This closing can causethe warning tone generator 540 to send a tone that arrives at thesumming circuit 515 a for summation. This summation can cause the audiooutput to have a warning tone. The warning tone can alert a listener ora receiving radio that the converter 230 may have been compromised. Inview of this, the receiving network may not elect to encrypt the outputwith its encryption scheme or continue communicating since the noiseadded may not be random and therefore may pose a security threat.

FIG. 6 illustrates one embodiment of the noise source level modifier 525comprising a pseudorandom number generator 610, a controller 620, adigital potentiometer 630, and a voltage follower 640. This noise sourcelevel modifier can vary amplitude of the noise for added variance (e.g.,noise is added and amplitude of the noise is varied over time). Thepseudorandom number generator 610 can generate a pseudorandom number andthis number is provided to the controller 620 along with a clock signal.The controller 620 can employ a processor and memory to produce acontrol I/O signal. The control algorithm of the controller 620 takesthe number and uses it to vary the produced control I/O signal. Thevaried control I/O signal is supplied to the potentiometer 630 and sincethe control I/O signal is varied, the resistance of the potentiometer isvaried. The potentiometer 630 can be controlled by the control I/Osignal received to produce a modified level out. The modified level outcan be fed to a blocking capacitor (e.g., if appropriate). The output ofthe blocking capacitor can be put into the non-inverting terminal of thevoltage follower 640. The output of voltage follower 640 is input to thedesired summing circuit (e.g., summing circuit 515 a of FIG. 5).

Protections can be put into place so that the output of the voltagefollower 640 remains random. In one embodiment, the control algorithmcan function with a capping feature to ensure randomness. The controlalgorithm can be supplied with a maximum value threshold and a minimumvalue threshold. If the modified level out reaches either the maximum orminimum, then the control algorithm can cause a respective drop or riseso that the potentiometer 630 does not become stuck and an extreme value(and therefore losing randomness).

FIG. 7 illustrates one embodiment of an environment 700 with a firstradio 710 (e.g., a radio 110R of FIG. 1 on the first secure network 110of FIG. 1) and a second radio 720 (e.g., a radio 120R of FIG. 1 on thefirst secure network 120 of FIG. 1) that communicate with anintermediary hardware unit 730. The connections between the unit 730 andthe radios 710 and 720 can be hardwired, movable physical wires, etc. Inone example, with the movable physical wires, the wires can connect withaudio ports 710 p and 720 p (e.g., one in and one out wire for eachport, a single out and multiple in wires, a common wire for in and out,etc.). The unit 730 can comprise the converter 230 and use the ports 710p and 720 p along with the converter 230 to facilitate communicationbetween the radios 710 and 720.

FIG. 8 illustrates one embodiment of the converter 230 comprising thereception component 310, an addition component 810, and the transmissioncomponent 330. The reception component 310 can be configured to receivea non-encrypted voice communication (e.g., the communication 270) from afirst secure radio network (e.g., the first secure network 110 of FIG.1). The addition component 810 can be configured to add random noise tothe non-encrypted voice communication from the first secure radionetwork such that a first secure radio network-based noise-addednon-encrypted voice communication (e.g., the communication 280) isproduced. The transmission component 330 can be configured to transmitthe first secure radio network-based noise-added non-encrypted voicecommunication to a second secure radio network (e.g., the second securenetwork 120 of FIG. 1).

FIG. 9 illustrates one embodiment of the converter 230 comprising thereception component 310, the addition component 810, the transmissioncomponent 330, and an identification component 910. The identificationcomponent 910 can be configured to determine a communication destinationbetween the second secure radio network and a third secure radionetwork. The transmission component 330 can be configured to transmitthe first secure radio network-based noise-added non-encrypted voicecommunication to the second secure radio network when the determinationis that the communication destination is the second secure radionetwork. Similarly, the transmission component 330 can be configured totransmit the first secure radio network-based noise-added non-encryptedvoice communication to the third secure radio network when thedetermination is that the communication destination is the third secureradio network.

The reception component 310, addition component 810, and transmissioncomponent 330 can do the same for communications from the second securenetwork to the first secure network as well as other networks (e.g., athird secure network). Additionally, networks can share radios so that aradio is part of more than one network (e.g., the radio being sharedbetween networks supports multiple transmission and/or receptioncapabilities, such as being capable of storing and processing multiplekeys). Returning to the fire example, three networks can be used—theGuard, the Fire Department, and a regular Army unit (Army), such as froma corps of engineers. A specific radio can be configured to communicateon the Army network and the Guard network. When the transmissioncomponent 330 transmits the communication 280 to the specific radiothere can be header information to know what network the communicationis intended for. In response to this, the radio can encrypt accordingly.

FIG. 10 illustrates one embodiment of the converter 230 comprising thereception component 310, the addition component 810, the transmissioncomponent 330, a tamper detection component 1010, and an outputcomponent 1020. The tamper detection component 1010 (e.g., the tamperdetector set 535 a of FIG. 5) can be configured to make a determinationif the addition component 810 is tampered with such that the randomnoise is not added to the non-encrypted voice communication from thefirst secure radio network. The output component 1020 (e.g., the warningtone generator 540 of FIG. 5, the set of switched 545 a and 545 b ofFIG. 5, the warning tone output control 550 of FIG. 5, or a combinationthereof) can be configured to output an indicator when the determinationis that tampering has occurred.

In one example, the indicator is a light that flashes on an outside ofhousing of the converter 230. With this, a user can be alerted that theconverter 230 may have experienced a tampering. However, the user maywant to still use the converter 230. For example, in the fire scenario,the need for emergency rescue may be so great that it outweighs securityconcerns. Using a light can alert parties that security may be comprisedand therefore the parties may want to be mindful of what is said sincecommunication may be compromised. Using the light as a tamper indicatorcan allow the communication to continue unchanged (as opposed to when ahuman-audible tone is added).

FIG. 11 illustrates one embodiment of the encryptor 240 comprising thereception component 310, an encryption component 1110, and thetransmission component 330. The reception component 310 can beconfigured to receive a random noise-added first network-basednon-encrypted voice communication (e.g., the communication 280) by wayof a non-encrypted communication channel (e.g., hardwire channel). Theencryption component 1110 can be configured to encrypt, according to thesecond network encryption scheme 120S of FIG. 1, the random noise-addedfirst secure network-based non-encrypted voice communication into anencrypted first secure network voice communication (e.g., thecommunication 290). The transmission component 330 can be configured totransmit the encrypted first secure network voice communication alongthe second secure network 110 of FIG. 1.

The encryptor 240 can be part of a radio 110R and/or 120R of FIG. 1, somessages, such as voice communications, can transfer both from the firstnetwork 110 of FIG. 1 to the second network 120 of FIG. 1 and from thesecond network 120 of FIG. 1 to the first network 110 of FIG. 1.Similarly, the encryptor 240 can receive messages from multiple securenetworks. These multiple messages can be received from, and have noiseadded by, a single noise addition component (e.g., the converter 230 ofFIG. 2).

Conversely, these multiple messages can be received from different noiseaddition components (e.g., different converters). In one example, asingle radio can connect with multiple converters. This can allow thesingle radio that functions on a first secure radio network tocommunicate with a second secure radio network by way of a firstconverter and to communicate with a third secure radio network by way ofa second converter distinct and separate from the first converter. Thiscan allow the first secure radio network to communicate with the secondand third secure radio networks. This can take place with or without thesecond secure radio network and the third secure radio network directlycommunicating with one another (e.g., the first secure radio network canfunction as a pass through to facilitate communication between thesecond secure radio network and the third secure radio network whendirect communication is unavailable).

In one embodiment, the encryptor 240 can employ the check component 410of FIG. 4 to perform a check as to whether a source of the randomnoise-added second secure network-based non-encrypted voicecommunication has experienced tampering. In one example, a message canbe received and the encryptor 240 can determine if tampering hasoccurred. If tampering has occurred, then the message can be deleted, besent along without encryption, etc. If tampering has not occurred, theencryptor 240 can read an intended destination (e.g., a destinationradio of the receiving network), subject the message to the encryptor'sencryption scheme, and send the message to the intended destination(e.g., directly or by way of relay).

FIG. 12 illustrates one embodiment of a system 1200 comprising thereception component 310, the encryption component 1110, the transmissioncomponent 330, a collection component 1210, the decryption component320, and a transfer component 1220. The system 1200 can function as aradio with the encryptor 240 of FIG. 2 (e.g., the reception component310, the encryption component 1110, and the transmission component 330)and the decryptor 220 of FIG. 2 (e.g., the collection component 1210,the decryption component 320, and the transfer component 1220). Thisallows a single radio to be able to decrypt communications that areleaving the radio's network and encrypt communications that are enteringthe radio's network.

The collection component 1210 can be configured to collect a networkoutgoing communication that originates within a secure network of thesystem 1200 when functioning as a radio. The decryptor component 320 candecrypt the network outgoing communication. The transfer component 320can transfer, by way of a non-encrypted communication channel, thedecrypted communication to the converter 230 of FIG. 2.

FIG. 13 illustrates one embodiment of a system 1300 comprising aprocessor 1310 (e.g., a general purpose processor, a processorspecifically designed for performing a functionality disclosed herein,etc.) and a computer-readable medium 1320 (e.g., non-transitorycomputer-readable medium). In one embodiment, the computer-readablemedium 1320 is communicatively coupled to the processor 1310 and storesa command set executable by the processor 1310 to facilitate operationof at least one component disclosed herein (e.g., the decryptioncomponent 320 of FIG. 3). In one embodiment, at least one componentdisclosed herein (e.g., the transmission component 330 of FIG. 3) can beimplemented, at least in part, by way of non-software, such asimplemented as hardware by way of the system 1300. In one embodiment,the computer-readable medium 1320 is configured to storeprocessor-executable instructions that when executed by the processor1310, cause the processor 1310 to perform a method disclosed herein(e.g., the methods 1400-1800 addressed below).

FIG. 14 illustrates one embodiment of a method 1400 comprising threeactions 1410-1430. The method 1400 can, in one example, be performed bya radio 110R of FIG. 1 by way of the decryptor 220 of FIG. 2. At 1410,an encrypted communication can be received. At 1420, the receivedencrypted communication can be decrypted. At 1430, the decryptedcommunication can be transferred to the converter 230 of FIG. 2.

FIG. 15 illustrates one embodiment of a method 1500 comprising threeactions 1510-1530. The method 1500 can, in one example, be performed bythe converter 230 of FIG. 2. There can be, at 1510 receiving anunencrypted communication from a radio 110R of FIG. 1 of the firstsecure network 110 of FIG. 1. At 1520, random noise (e.g., white noise)can be added to the unencrypted communication. At 1530, the unencryptedcommunication with added random noise can be transmitted to the secondsecure network 120 of FIG. 1.

FIG. 16 illustrates one embodiment of a method 1600 comprising threeactions 1610-1630. The method 1600 can, in one example, be performed bya radio 110R of FIG. 1 by way of the encryptor 240 of FIG. 2. At 1610, adecrypted white noise added communication can be received from theconverter 230 of FIG. 2. At 1620, the received communication can beencrypted along with the white noise. At 1630, the encryptedcommunication can be transferred to a destination radio. The destinationradio can be part of the same secure network as the radio performing themethod 1600.

FIG. 17 illustrates one embodiment of a method 1700 comprising fouractions 1710-1730. The method 1700 can, in one example, be performed bythe converter 230 of FIG. 2. At 1710, a communication situation can beidentified, such as receiving a communication designated for white noiseaddition (e.g., receive the communication along a dedicated hardwirechannel). At 1720, a check can be performed to determine if theconverter 230 of FIG. 2 has experienced a tampering (e.g., physicaltampering to the converter 230 of FIG. 2 or software tampering/asoftware tampering attack occurs to the converter 230 of FIG. 2). If so,then the situation can be rejected at 1730 or alternative arrangementsmade (e.g., the communication is moved forward, but with a notificationof the tampering such as an addition of a warning tone). If tampering isnot detected, then the communication situation can proceed as normal.

FIG. 18 illustrates one embodiment of a method 1800 comprising threeactions 1810-1830. The method 1800 can, in one example, be performed bythe converter 230 of FIG. 2. At 1810, a voice communication can bereceived. At 1820, the voice communication can be digitized. At 1830,subaudible tones can be overlaid on the digitized audio. Thesesubaudible tones can be the noise or can be the notification of thetampering.

While the example of the military and fire department is used throughoutthe detailed description, one should appreciate that this technology canhave application in a wide variety of fields. One example includesallowing two companies to communicate with one another, includingnon-audio communication, by adding random values to a communication.Another example includes allowing two military forces from differentnations to communicate with one another.

While the methods disclosed herein are shown and described as a seriesof blocks, it is to be appreciated by one of ordinary skill in the artthat the methods are not restricted by the order of the blocks, as someblocks can take place in different orders. Similarly, a block canoperate concurrently with at least one other block.

What is claimed is:
 1. A system, that is part of a first secure network,comprising: a reception component configured to receive arandomly-modified second secure network-based non-encrypted voicecommunication by way of a non-encrypted communication channel; anencryption component configured to encrypt, according to a first networkencryption scheme, the randomly-modified second secure network-basednon-encrypted voice communication into an encrypted first secure networkvoice communication; and a transmission component configured to transmitthe encrypted first secure network voice communication along the firstsecure network, where the randomly-modified second secure network-basednon-encrypted voice communication is derived from an encrypted secondsecure network voice communication from a second secure network, wherethe first secure network and the second secure network are distinctnetworks, where the encrypted second secure network voice communicationis encrypted in accordance with a second network encryption scheme, andwhere the first network encryption scheme and the second networkencryption scheme are different encryption schemes.
 2. The system ofclaim 1, where the randomly-modified second secure network-basednon-encrypted voice communication is a second secure network-basednon-encrypted voice communication modified by addition of random noisethat is not at a human audible level.
 3. The system of claim 1, wherethe encrypted first secure network voice communication is a firstencrypted first secure network voice communication, where the receptioncomponent is configure to receive a randomly-modified third securenetwork-based non-encrypted voice communication from the non-encryptedcommunication channel, where the encryption component is configured toencrypt, according to the first network encryption scheme, therandomly-modified third secure network-based non-encrypted voicecommunication into a second encrypted first secure network voicecommunication, where the transmission component is configured totransmit the second encrypted first secure network voice communicationalong the first secure network, where the randomly-modified third securenetwork-based non-encrypted voice communication is derived from anencrypted third secure network voice communication from a third securenetwork, where the first secure network and the third secure network aredistinct networks, where the second secure network and the third securenetwork are distinct networks, where the encrypted third secure networkvoice communication is encrypted in accordance with a third networkencryption scheme, where the first network encryption scheme and thesecond network encryption scheme are different encryption schemes. 4.The system of claim 3, where the randomly-modified second securenetwork-based non-encrypted voice communication is received from asingle noise addition component that adds random noise to the secondsecure network-based non-encrypted voice communication and where therandom noise-added third secure network-based non-encrypted voicecommunication is received from the single noise addition component thatadds random noise to the third secure network-based non-encrypted voicecommunication.
 5. The system of claim 3, where the randomly-modifiedsecond secure network-based non-encrypted voice communication isreceived from a first noise addition component that adds random noise tothe second secure network-based non-encrypted voice communication, wherethe randomly-modified third secure network-based non-encrypted voicecommunication is received from a second noise addition component thatadds random noise to the third secure network-based non-encrypted voicecommunication, and where the first noise addition component and thesecond noise addition component are separate and distinct components. 6.The system of claim 1, comprising: a collection component configured tocollect an encrypted first secure network voice communication with anintended destination of a second secure network; a decryption componentconfigured to decrypt the encrypted first secure network voicecommunication into a decrypted first secure network voice communication;and a transfer component configured to transfer the decrypted firstsecure network voice communication to a noise addition component whererandom noise is added and after the random noise is added the decryptedfirst secure network voice communication is transferred to the secondsecure network.
 7. The system of claim 6, where the non-encryptedcommunication channel is a hardwire channel, where the transmissioncomponent is configured to transmit the encrypted first secure networkvoice communication along the first secure network wirelessly, and wherethe transfer component is configured to transfer the decrypted firstsecure network voice communication to the noise addition component byway of the non-encrypted communication channel.
 8. The system of claim1, comprising: a check component configured to perform a check on if asource of the randomly-modified second secure network-basednon-encrypted voice communication has experienced a tampering, where theencryption component is prevented from encrypting the randomly-modifiedsecond secure network-based non-encrypted voice communication if thecheck has an outcome that the source has experienced the tampering.
 9. Anon-transitory computer-readable medium, which is part of a first securenetwork, configured to store processor-executable instructions that whenexecuted by a processor, cause the processor to perform a method, themethod comprising: receiving a randomly-modified second securenetwork-based non-encrypted voice communication by way of anon-encrypted communication channel; encrypting, according to a firstnetwork encryption scheme, the randomly-modified second securenetwork-based non-encrypted voice communication into an encrypted firstsecure network voice communication; and transmitting the encrypted firstsecure network voice communication along the first secure network, wherethe randomly-modified second secure network-based non-encrypted voicecommunication is derived from an encrypted second secure network voicecommunication from a second secure network, where the first securenetwork and the second secure network are distinct networks, where theencrypted second secure network voice communication is encrypted inaccordance with a second network encryption scheme, and where the firstnetwork encryption scheme and the second network encryption scheme aredifferent encryption schemes.
 10. The non-transitory computer-readablemedium of claim 9, where the randomly-modified second securenetwork-based non-encrypted voice communication is a second securenetwork-based non-encrypted voice communication modified by addition ofrandom noise that is not at a human audible level.
 11. Thenon-transitory computer-readable medium of claim 9, where the encryptedfirst secure network voice communication is a first encrypted firstsecure network voice communication, where the reception component isconfigure to receive a randomly-modified third secure network-basednon-encrypted voice communication from the non-encrypted communicationchannel, where the encryption component is configured to encrypt,according to the first network encryption scheme, the randomly-modifiedthird secure network-based non-encrypted voice communication into asecond encrypted first secure network voice communication, where thetransmission component is configured to transmit the second encryptedfirst secure network voice communication along the first secure network,where the randomly-modified third secure network-based non-encryptedvoice communication is derived from an encrypted third secure networkvoice communication from a third secure network, where the first securenetwork and the third secure network are distinct networks, where thesecond secure network and the third secure network are distinctnetworks, where the encrypted third secure network voice communicationis encrypted in accordance with a third network encryption scheme, wherethe first network encryption scheme and the second network encryptionscheme are different encryption schemes.
 12. The non-transitorycomputer-readable medium of claim 11, where the randomly-modified secondsecure network-based non-encrypted voice communication is received froma single noise addition component that adds random noise to the secondsecure network-based non-encrypted voice communication and where therandom noise-added third secure network-based non-encrypted voicecommunication is received from the single noise addition component thatadds random noise to the third secure network-based non-encrypted voicecommunication.
 13. The non-transitory computer-readable medium of claim11, where the randomly-modified second secure network-basednon-encrypted voice communication is received from a first noiseaddition component that adds random noise to the second securenetwork-based non-encrypted voice communication, where therandomly-modified third secure network-based non-encrypted voicecommunication is received from a second noise addition component thatadds random noise to the third secure network-based non-encrypted voicecommunication, and where the first noise addition component and thesecond noise addition component are separate and distinct components.14. The non-transitory computer-readable medium of claim 9, the methodcomprising: collecting an encrypted first secure network voicecommunication with an intended destination of a second secure network;decrypting the encrypted first secure network voice communication into adecrypted first secure network voice communication; transferring thedecrypted first secure network voice communication to a noise additioncomponent where random noise is added and after the random noise isadded the decrypted first secure network voice communication istransferred to the second secure network.
 15. The non-transitorycomputer-readable medium of claim 14, where the non-encryptedcommunication channel is a hardwire channel, where the transmissioncomponent is configured to transmit the encrypted first secure networkvoice communication along the first secure network wirelessly, and wherethe transfer component is configured to transfer the decrypted firstsecure network voice communication to the noise addition component byway of the non-encrypted communication channel.
 16. The non-transitorycomputer-readable medium of claim 9, the method comprising: performing acheck on if a source of the randomly-modified second securenetwork-based non-encrypted voice communication has experienced atampering, where the encryption component is prevented from encryptingthe randomly-modified second secure network-based non-encrypted voicecommunication if the check has an outcome that the source hasexperienced the tampering.
 17. The non-transitory computer-readablemedium of claim 9, where the non-transitory computer-readable medium isresident upon an intermediary communications hardware module.
 18. Anintermediary communications hardware module that includes anon-transitory computer-readable medium and a processor and that links afirst secure network with a second secure network, the computer-readablemedium is communicatively coupled to the processor and stores a commandset executable by the processor to facilitate operation of a componentset, the component set comprising: a reception component configured toreceive a randomly-modified second secure network-based non-encryptedvoice communication by way of a non-encrypted communication channel; anencryption component configured to encrypt, according to a first networkencryption scheme, the randomly-modified second secure network-basednon-encrypted voice communication into an encrypted first secure networkvoice communication; and a transmission component configured to transmitthe encrypted first secure network voice communication along the firstsecure network, where the randomly-modified second secure network-basednon-encrypted voice communication is derived from an encrypted secondsecure network voice communication from the second secure network, wherethe first secure network and the second secure network are distinctnetworks, where the encrypted second secure network voice communicationis encrypted in accordance with a second network encryption scheme, andwhere the first network encryption scheme and the second networkencryption scheme are different encryption schemes.
 19. The intermediarycommunications hardware module of claim 18, where the randomly-modifiedsecond secure network-based non-encrypted voice communication is asecond secure network-based non-encrypted voice communication modifiedby addition of random noise that is not at a human audible level. 20.The intermediary communications hardware module of claim 18, thecomponent set comprising: a collection component configured to collectan encrypted first secure network voice communication with an intendeddestination of a second secure network; a decryption componentconfigured to decrypt the encrypted first secure network voicecommunication into a decrypted first secure network voice communication;and a transfer component configured to transfer the decrypted firstsecure network voice communication to a noise addition component whererandom noise is added and after the random noise is added the decryptedfirst secure network voice communication is transferred to the secondsecure network.